AI Analysis
Final verdict: SUSPICIOUS
The package exhibits suspicious behaviors including potential unauthorized shell execution and credential harvesting, despite having no direct network calls or obfuscation techniques.
- Shell risk due to detection of GitHub auth token retrieval
- Potential credential risk from patterns suggesting secret harvesting
Per-check LLM notes
- Network: No network calls detected, which is neutral.
- Shell: Detected shell execution attempts to retrieve GitHub auth token, potentially for package maintenance purposes but could be unauthorized access attempt.
- Obfuscation: No obfuscation patterns detected.
- Credentials: Detected patterns suggest potential credential harvesting, but could be legitimate use of environment variables and keyring for accessing secrets.
- Metadata: The package shows low activity and poor metadata quality, which could indicate potential risk.
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 2.0
Found 1 shell execution pattern(s)
ken try: result = subprocess.run( ["gh", "auth", "token"], capture_ou
Credential Harvesting
score 5.0
Found 2 credential access pattern(s)
turn explicit_key token = os.environ.get("GITHUB_TOKEN") if token: return token try: resulERVICES: secret_str = keyring.get_password(service, "github.com") if secret_str: to
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: gmail.com
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 2.5
Git history flags: Repository has zero stars and zero forks
Maintainer History
score 4.0
2 maintainer concern(s) found
Author "Olivier Steck" appears to have only 1 package on PyPI (new or inactive account)
Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with actor-ai
Create a real-time language translation chatbot using the 'actor-ai' package in Python. This chatbot will utilize multiple AI providers such as Google Translate and DeepL to provide users with accurate translations in various languages. The application should be designed to handle concurrent user interactions efficiently and provide quick responses by leveraging the multi-provider capabilities of 'actor-ai'. Here's a detailed breakdown of the project requirements:
1. **User Interface**: Develop a simple command-line interface (CLI) where users can input their messages and select the source and target languages.
2. **AI Agents Setup**: Use 'actor-ai' to set up multiple AI agents for each translation provider. Each agent should be capable of handling translation requests independently.
3. **Concurrency Handling**: Implement a mechanism within your application to manage concurrent translation requests from different users. Ensure that the system remains responsive even under heavy load.
4. **Error Handling**: Include robust error handling to manage scenarios where a particular provider might not be available or returns an error. In such cases, the application should automatically retry the request through another provider.
5. **Logging**: Integrate logging to track user interactions, errors, and system performance. This will help in monitoring the application's health and making improvements over time.
6. **Testing**: Write unit tests for the core functionalities of your application to ensure reliability and accuracy of translations.
7. **Documentation**: Provide clear documentation explaining how to run the application, its features, and any limitations. Also, include instructions on how to add more translation providers if needed.
To get started, first install the 'actor-ai' package and familiarize yourself with its documentation. Then, design your application architecture around the idea of actors, ensuring that each translation provider is represented by an independent actor. Finally, test your application thoroughly before deployment.